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Continued Examination Under 37 CFR LI 14 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this appUcation after final rejection. Since this appHcation is 
eUgible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. AppUcanfs submission filed on July 26, 2004 has been entered. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-13, 15-21, 23-41, 43-57 and 60-66 are rejected under 35 U.S.C. 102(e) as being 
anticipated by O'Hare et al. (USPN: 6,484,173). 

Regarding claims 1, 6-7 and 12, O'Hare discloses in response to a non-media access request (a 
system call) by a first of the plurality of devices to a logical device at the shared resource for 
which the first device has no data access privileges (wherein data access privileges refers to read 
or write access) (C 10, L 13-14; this condition occurs when access control of the system includes 
read and write operations and when read and write operation access types are not allowed for the 
first device to the logical device at the shared resource; each requesting device is allowed access 
to certain regions of the shared resoxirce for certain access types, refer to C 10 - C 14; Figure 5 
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and Figure 6), determining whether the first device is authorized to have non-media access to the 
logical device, based at least in part, on an identity of the first device (Figure 6, References 216- 
>220->224->226->228->230->214; C 13, L 4-67; C 14, L 1-21) and authorizing the non-media 
access request when it is determined that the first device is authorized to have non-media access 
to the logical device (C 14, L 19-22). 

Regarding claims 2-3 and 16, O'Hare discloses denying the non-media access request when it is 
determined that the first device is not authorized to have non-media access to the logical device 
(C 13, L 57-61; this effectively ignores the request since the request is never processed or 
executed). 

Regarding claims 4 and 17-18, O'Hare discloses forwarding the non-media access request to the 
physical device corresponding to the logical device (Figure 1, References 34-36; Figure 3; 
Reference 36; requests are forwarded to the physical device via ports 34-36; C 7, L 31-39). 

Regarding claims 5, 24 and 32, O'Hare discloses system calls, which control configuration and 
operation of the storage system and thus such system intrinsically includes any requests which is 
related to configuring or operating the storage system and that includes an availability request (C 
6, L 30-32). 

Regarding claims 8 and 10, O'Hare discloses the elements of claim 1 performed by a filter 
(security module; C 14, L 22-32) that controls access to a plurality of logical devices (Figure 1, 
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References 24-26) at the shared resource (Figure 1, Reference 22) and further comprising 
maintaining in a data structure (matrix, Reference 100 in Figure 5) accessible to the fiUer 
configuration information corresponding to the first device wherein the configuration 
information includes first configuration information identifying each of the plurality of logical 
devices (W, X, Y, Z) to which data access (access indicated by one of B, C and M which 
represents data access level) by the first device (one of requestors Q, R, S, T and V) is authorized 
and whether the non-media access (access indicated by one of B, C and M which represents the 
non-media access level) is authorized to each of the plurality of logical devices for which the 
configuration information identifies that no data access is authorized for the first device (C 10, L 
21-67; C 11, L 1-32). 

Regarding claim 9, O'Hare discloses examining the configuration information corresponding to 
the first device to determine whether the first device is authorized to have non-media access to 
the logical device (C 13, L 54-61). 

Regarding claims 1 1 and 23, O'Hare discloses determining whether an access request by the first 
device is one of a data access request and a non-media access request (C 13, L 54-61). 

Regarding claims 13 and 21, O'Hare discloses the storage system performing the operations in 
claim 12 (Figure 3, Reference 22, 60; C 14, L 22-32). 
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Regarding claims 15, 19-20 and 25-27, O'Hare discloses maintaining in a data structure (matrix, 
Reference 100 in Figure 5) accessible to the filter configuration information corresponding to the 
first device wherein the configuration information includes first configuration information 
identifying each of the plurality of logical devices (W, X, Y, Z) to which data access (access 
indicated by one of B, C and M which represents data access level) by the first device (one of 
requestors Q, R, S, T and V) is authorized (C 10, L 21-67; C 1 1, L 1-32); in response to a non- 
media access request (a system call) by a first of the plurality of devices to a logical device at the 
shared resource for which the first device has no data access privileges (wherein data access 
privileges refers to read or write access) (C 10, L 13-14; this condition occurs when access 
control of the system includes read and write operations and when read and write operation 
access types are not allowed for the first device to the logical device at the shared resource; each 
requesting device is allowed access to certain regions of the shared resource for certain access 
types, refer to C 10 - C 14; Figure 5 and Figure 6), determining whether the first device is 
authorized to have non-media access to the logical device and authorizing the non-media access 
request when it is determined that the first device is authorized to have non-media access to the 
logical device (Figure 6, References 202, 216, 220, 224, 226, 228, 230 and 214; C 12, L 57-65; C 
13, entire; C 14, L 1-21). 

Regarding claims 28, 33, 38-41, 48, 52 and 57, O'Hare an input to be coupled to the network, 
wherein the network couples the plurality of devices to the shared resource (Figure 3, Reference 
62; C 4, L 18-30); and at least one filter (Figure 3, Reference 64; C 14, L 22-32) coupled to the 
input (via Reference 62 in Figure 3) that is responsive to the non-media access request by a first 
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of the plurality of devices to a logical device at a shared resource for which the first device has 
no data access privileges (wherein data access privileges refers to read or write access) (C 10, L 
13-14; this condition occurs when access control of the system includes read and write 
operations and when read and write operation access types are not allowed for the first device to 
the logical device at the shared resource; each requesting device is allowed access to certain 
regions of the shared resource for certain access types, refer to C 10 - C 14; Figure 5 and Figure 
6), to determine whether the first device is authorized to have non-media access to the logical 
device and to authorize the non-media access request when it is determined that the first device is 
authorized to have non-media access to the logical device (Figure 6, References 202, 216, 220, 
224, 226, 228, 230 and 214; C 12, L 57-65; C 13, entire; C 14, L 1-21). 

Regarding claim 29, 31, 49 and 51, O'Hare discloses the filter denying the non-media access 
request when it is determined that the first device is not authorized to have non-media access to 
the logical device (C 13, L 57-61; this effectively ignores the request since the request is never 
processed or executed). 

Regarding claims 30 and 50, O'Hare discloses a plurality of storage devices (C 5, L 64-67) 
coupled to the at least one filter, and wherein when it is determined that the first device is 
authorized to have non-media access to the logical device, the at least one filter forwards the 
non-media access request to a storage device corresponding to the logical device (C 7, L 48-67; 
C 8, L 1-24). 
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Regarding claims 34, 36, 48 and 53-54, O'Hare discloses data structure (matrix, Reference 100 
in Figure 5), accessible to the at least one filter, that stores configuration information 
corresponding to the first device that includes first configuration information identifying each of 
a plurality of logical devices (W, X, Y, Z) at the shared resource to which data access (access 
indicated by one of B, C and M which represents data access level) by the first device (one of 
requestors Q, R, S, T and V) is authorized and second configuration information identifying 
whether non-media access (access indicated by one of B, C and M which represents the non- 
media access level) is authorized to each of the plurality of logical devices for which the first 
configuration information identifies that no data access is authorized for the first device (C 10, L 
21-67; C 11, L 1-32). 

Regarding claims 35 and 55, O'Hare disclose the at least one filter examining the second 
configuration information corresponding to the first device to determine whether the first device 
is authorized to have non-media access to the logical device (C 13, L 54-61). 

Regarding claims 37 and 56, O'Hare discloses examining the access request to determine 
whether the access request is one of a data access request and a non-media access request (C 13, 
L 54-61 - determining access request type). 

Regarding claims 28, 33, 38-41, 48, 52 and 57, O'Hare an input to be coupled to the network, 
wherein the network couples the plurality of devices to the shared resource (Figure 3, Reference 
62; C 4, L 18-30); and at least one filter (Figure 3, Reference 64; C 14, L 22-32) coupled to the 
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input (via Reference 62 in Figure 3) that is responsive to the a non-media access request by a 
first of the plurality of devices to a logical device at a shared resource for which the first device 
has no data access privileges (wherein data access privileges refers to read or write access) (C 
10, L 13-14; this condition occurs when access control of the system includes read and write 
operations and when read and write operation access types are not allowed for the first device to 
the logical device at the shared resource; each requesting device is allowed access to certain 
regions of the shared resource for certain access types, refer to C 10 - C 14; Figure 5 and Figure 
6), to determine whether the first device is authorized to have non-media access to the logical 
device and to authorize the non-media access request when it is determined that the first device is 
authorized to have non-media access to the logical device (Figure 6, References 202, 216, 220, 
224, 226, 228, 230 and 214; C 12, L 57-65; C 13, entire; C 14, L 1-21). 

Regarding claim 29, 31, 49 and 51, O'Hare discloses the filter denying the non-media access 
request when it is determined that the first device is not authorized to have non-media access to 
the logical device (C 13, L 57-61; this effectively ignores the request since the request is never 
processed or executed). 

Regarding claims 30 and 50, O'Hare discloses a plurality of storage devices (C 5, L 64-67) 
coupled to the at least one filter, and wherein when it is determined that the first device is 
authorized to have non-media access to the logical device, the at least one filter forwards the 
non-media access request to a storage device corresponding to the logical device (C 7, L 48-67; 
C 8, L 1-24). 
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Regarding claims 34, 36, 48 and 53-54, O'Hare discloses data structure (matrix, Reference 100 
in Figure 5), accessible to the at least one filter, that stores configuration information 
corresponding to the first device that includes first configuration information identifying each of 
a plurality of logical devices (W, X, Y, Z) at the shared resource to which data access (access 
indicated by one of B, C and M which represents data access level) by the first device (one of 
requestors Q, R, S, T and V) is authorized and second configuration information identifying 
whether non-media access (access indicated by one of B, C and M which represents the non- 
media access level) is authorized to each of the plurality of logical devices for which the first 
configuration information identifies that no data access is authorized for the first device (C 10, L 
21-67; C 11, L 1-32). 

Regarding claims 35 and 55, O'Hare discloses the at least one filter examining the second 
configuration information corresponding to the first device to determine whether the first device 
is authorized to have non-media access to the logical device (C 13, L 54-61). 

Regarding claims 37 and 56, O'Hare discloses examining the access request to determine 
whether the access request is one of a data access request and a non-media access request (C 13, 
L 54-61 - determining access request type). 

Regarding claims 43-47, O'Hare discloses a computer readable medixmi (C 18, L 36-60) 
comprising a data structure relating to access management by a plurality of network devices to 
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data stored on a plurality of logical devices of a shared resource, the data structure including a 
plurality of records each corresponding to one of the plurality of network devices, a first record 
of the plurality of records corresponding to a first of the pluraHty of network devices and 
including configuration information identifying each logical device of the plurality of logical 
devices to which data access by the first network device is authorized to have non-media access 
to a first logical device of the plurality of logical devices when the configuration information 
corresponding to the first network device identifies that no data access to the first logical device 
fi-om the first network device is authorized (Figure 5, C 10, L 28-67; C 1 1, entire; C 12, L 1-33). 

Regarding claims 60-66, O'Hare discloses a plurality of storage devices that store a pluraUty of 
logical volumes of data (C 5, L 64-67); a data structure to store configuration information 
identifying whether a first network device of a plurahty of network devices [C 4, L 18-30 - when 
the devices are coupled to the storage via a network, the devices are network devices] that are 
coupled to the storage system is authorized to access data on a first logical volume of the 
plurality of logical volumes (Figure 5, Reference 100; C 21-67 ; C 1 1, L 1-32); and a filter, 
responsive to the configuration information stored in the data structure, to selectively forward 
non-media access requests fi-om the first network device to the first logical volume when the 
configuration information identifies that no data access to the first logical volume fi-om the first 
network device is authorized (Figure 3, Reference 64; C 14, L 22-32; Figure 6; C 12, L 57-67; C 
13, entire; C 14, L 1-21). 
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Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 14, 22 and 59 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
O'Hare et al. (USPN: 6,484,173). 

Regarding claims 14 and 22, O'Hare discloses the limitations cited above in claims 12 and 15, 
however, O'Hare does not disclose the operations of claim 12 performed outside of the storage 
system. In O'Hare's system the operations are performed within the storage system. It is well 
known in the art to remove functionality from one device to another to simpUfy the design 
thereof or to free the device from performing such functions so that the device may perform 
other functions [efficiency]. This feature would be desirable in the system of O'Hare if one 
wanted to simplify the design of the storage system or to operate the storage system more 
efficiently and thus it would have been obvious to one of ordinary skill in the art to modify 
0' Hare's system to perform the operations extemal to the data storage system for the above 
reasons. 

Regarding claim 59, O'Hare discloses the at least one filter and the input inside the data storage 
system (Figure 3, Reference 63 and 62 respectively). However, O'Hare does not disclose the 
data structure disposed outside of the storage system. Systems are implemented according to 
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design goals and thus elements are located in a system to meet the design goals. Accordingly, it 
is a matter of design choice to locate the data structure outside of O'Hare's storage system. 

6. Claims 42 and 58 are rejected under 35 U.S.C. 103(a) as being impatentable over O'Hare 
et al. (USPN: 6,484,173) in view of Monsen et al. (PGPUB: 2003/0050962). 

Regarding claims 42 and 58, O'Hare does not disclose the filter and the input disposed on the 
outside of the storage system. However, Monsen discloses a filter and an input disposed outside 
of a storage system (Monsen - filter; Figure 1, Reference 12; input; signals lines coupling 
References 20-24 and 12; storage system; Figure 1, Reference 34). It is common knowledge in 
the art to remove functionality and/or logic from one device to another to simplify the design 
thereof or to free the device from performing such functions so that the device may perform 
other functions [efficiency]. This feature would be desirable in the system of O'Hare if one 
wanted to simplify the design of the storage system or to operate the storage system more 
efficiently and thus it would have been obvious to one of ordinary skill in the art to modify 
O'Hare's system to dispose the filter and the input outside of the storage system for the above 
reasons. 

Response to Arguments 

7. Applicant's arguments filed have been fully considered but they are not persuasive. 
O'Hare teaches authorizing a non-media access request to a logical device from a device that 
lacks data access privileges to that device. Refer to C 13, L 24-31. When a pass override is set, 
a system call is allowed access to the device even when data access privileges are prevented to 



Application/Control Number: 09/75 1 ,684 Page 1 3 

Art Unit: 2187 

that device. When a pass override is not set, a system call is allowed access to the device based 
at least in part on an identity of the device. 

Conclusion 

8. Any inquiry concerning this commxmication or earlier communications from the 
examiner should be directed to Kimberly N. McLean-Mayo whose telephone number is 703-308- 
9592. The examiner can normally be reached on M (10:00 - 6:30); Tues, Thr (10:00 - 4:00). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Donald Sparks can be reached on 703-308-1756. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an appUcation may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the mfeclfomc BusinesaGenter (EBC) at 86&-217-9197 (toll-free). 
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